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s (57) Abstract; A system for providing rights 

~X ^ eotttfolied acces-f to siigitai mssdia comprises a proviilcv 

' ' data pjwcessor (102) snd a i!i?er data pracessor (104) 

connected hy a commonnicatfuns aoS'.'.'ork. The user 
data processor psxmdes access to a dasa object (106) 
in accordance wjtfi rcSes (116) associaied with the 
dais object by *b ssrwsr dma procsssor. Tine asea- 
data processtis- irKvUidss a machisiC key dcwcc (118) 
and a user key devicfs C13<!). The machine key device 
is pi'eforably art inslaSied conipoiisril of ths dient 
data processor Ihat provides encryption, dccrypttosi, 
and 3iithcnt!«at!e>n fuEictionaSEy for she cHenf data 
processor. Tiie ascr key sSevsce is prefeabiy a 
reraovabJc, poflabic dervicc Uiat connects to Uie dlenS 
data pnwessor and provides encryption, decryption, 
and aBthemicaEian foncdonality for a ssser. The use 
of a data object is restricted to a particular assr and a 
partsculsir data processor throagli the «s« of muitipls 
layers of csircryptioa 
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jgeBier. As iibsirsted in Rgure 48, the data sbjait 106 and the contal dats 11S srs encrypfed in a layer 414. The 
ymmeiiic session key 412 is gen^ed and used for a ssngie commuiiication cf cerr^RiUiiteaiofs s&ssims since [nfcsraaSon Is 



metric ihan tvlSh mmieMo keys, in sensral, data to be s 
« key. and M session key in turn can eucaypted wIj m 



At a siap 504, ite date packagifig progran 110 sncrypts Ihe symifidric sss^ toy 412 with a public program key 
the symmetfie session \^ 4iJ k Mm einbodiment. the pfogram ksy 116 is an asymmefe key pair 

•program 114 aid tlw pubJic key is publshsd gMerably ss a cBgifal cerifeate) or transmitted to Ihe data packaglsig program 
. 1 14, This.8!iayi5tion of the symnrelric session key 412 is In effect a furSierencfypiion, using ilie program kBy 115, of the data 
encp/pted witii the symniefrio session key 412 its#. As iiluslrsted in Figure 4B, the symmluo session key 412 ts mcrjpM h 
. .a iayer 416. la the- first embodiment M bj-ers 414 and 416 tegeiher (wiBspond lis the fet layar 402 fn the gsnera! 



U*i8 program isey 11§ may be a s! 



:( firs user program 114. In ft 
imksy. instill another allefnafii 



Ic pmtm Ncf known to both the pi 



d wElti file prosram key 115. in Ms case Ihe session key 412 n« 
determines \vtietathe-use of tiie data objestlOS is to be resEric 



-to a pariiGiilar user, and if so, passes corsifo! to a step 503. if not, tiis data pi 
control on to a step 510, Ttis Ms packaging program- 110 may make fliis 



ti llO skips step SOS and passes 



the data,ob|sct 106 is Id be restricted to a particular user. 

At the step 508; ihe data packaging program HOfurHier encrypts the syrnmetric gesskm toy 412 wifii a public user 
25 key. in the M embodiment. Ilie urn key 121 Is an asprt>etric key pair oamprnm »» pubilc user key and a prlvals user 
key. Tlieasymrnetifckeypalrlsprarst^lyganeratedinadvaricsbytheuserks^ 

key 412 b in s^&A a ilifther enwypEoii, mng M user 121, of Ihe date encrypted with tiie symnietflo ssssion key 412 
itseif. As lllustfaisd in Rgure 4B. the step 508 results in sit encrypllon layer 418, whidi corresponds to §se second Isysr m m 

kiown to botn tt!s pad^agiag program -110 and the ussr proeram 114. in Ms ca^ the symmetric sessfon key 412 Is 



At a stsp S10, which is sJmilar fo the step 506, the data padcaglns PPograni 110 determinBs whether flie use of the 
data Qb}8ct 1QS Is to be restrioted Id a parttaiiar data processor, and If so, passes confrai io a sliep S12. if not, the data 
3§ . packing program 110 sk'^s step 512 and passes control on to a sisp 514. 

At the step 512, the data packaging program 110 further encrypts the synwieidc session key 412 wllli a pubic 
macte key. in 813 first embodfrnsnt, the madine key 119 is an asyirwieSrs key pair comprising the public mactte key and 

public isey is pubSshed {pi^ferably asa digiial cerllficafe) orfransinitted io the data psckagkig program 114. This enon,'pHon of 
40 me symmetrfc session key 412 Is in effect a fiiriher encryption, using the machine key 119, of Sia data erwrypled wUh the 
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